Re: [Isms] tm table was Re: pre-08 for TSM document

To: "'tom.petch'" <cfinss at dial.pipex.com>, <j.schoenwaelder at jacobs-university.de>
Subject: Re: [Isms] tm table was Re: pre-08 for TSM document
From: "David Harrington" <ietfdbh at comcast.net>
Date: Sat, 28 Jun 2008 10:46:20 +0800
Cc: isms at ietf.org
Delivered-to: ietfarch-isms-web-archive at core3.amsl.com
Delivered-to: isms at core3.amsl.com
In-reply-to: <049801c8d878$ce03f4a0$0601a8c0@allison>
List-archive: <http://www.ietf.org/pipermail/isms>
List-help: <mailto:isms-request@ietf.org?subject=help>
List-id: Mailing list for the ISMS working group <isms.ietf.org>
List-post: <mailto:isms@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/isms>, <mailto:isms-request@ietf.org?subject=unsubscribe>
References: <00d201c8d1f9$06f328c0$3bf780de@china.huawei.com> <00e201c8d201$b5e9ae50$3bf780de@china.huawei.com> <007f01c8d5d1$01b0bc20$0601a8c0@allison> <20080627071220.GA2713@elstar.local> <008f01c8d843$954821c0$0601a8c0@allison> <029801c8d856$96c180b0$51f780de@china.huawei.com> <049801c8d878$ce03f4a0$0601a8c0@allison>
Sender: isms-bounces at ietf.org
Thread-index: AcjYgfFAIEQYjAv7TCy7+nNOKE0PtgAREUTQ

 



> > > (The SSHTM I-D says
> > > "     1) Determine the target index by extracting the
> > transportDomain,
> > >       transportAddress, securityName, and securityLevel from the
> > >       tmStateReference.
> > >       2) Lookup the session in the Local Configuration Datastore
> > using
> > >       the target index " )
> 
> ... from the information that the SSHTM has from receiving a 
> session and
> subsequent inbound messages, it has no knowledge of securityName and
> securityLevel.  

OK. sometimes we talk about the concept instead the exact variable
name that must be used. We are not implementing this, we are
describing how it works conceptually. I will make sure to change this
to say tmSecurityName and tmSecurityLevel. (or more accurately,
tmRequestedSecurityLevel and tmTransportSecurityLevel). 

> So when an outbound message is passed down to 
> it, and the SSHTM,
> as per EOP, is expected to use the 4-tuple to look for a 
> session, then this may
> be the first that the SSHTM has ever heard of the particular values
of
> securityName and securityLevel; it may have a match on 
> tranportAddress and
> transportDomain in the table of sessions it has (initiated 
> or) received (along
> with other SSH data), it could have several but how can it 
> tell if the two
> security parameters match?
> 
> (eg it cannot use tmTransportSecurityLevel as that is always 
> authPriv for SSH
> and the application creating the outbound message may have 
> had other ideas)
> 
> I was envisaging that some unique index could pass from TM to 
> SM so that SM
> could hand back index+securityName+securityLevel; or that 
> there is a common
> table into which SM inserts securityName+securityLevel so 
> that TM now can
> associate them with a session (but which the structure of the 
> snmpTsmLCDTable
> now seems to rule out as a candiate) or ..
> 
> Puzzled,
> 
> Tom Petch
> 
> 
> > >
> > > Tom Petch
> > >
> > > ----- Original Message -----
> > > From: "Juergen Schoenwaelder" 
> <j.schoenwaelder at jacobs-university.de>
> > > To: "tom.petch" <cfinss at dial.pipex.com>
> > > Cc: "David Harrington" <ietfdbh at comcast.net>; <isms at ietf.org>
> > > Sent: Friday, June 27, 2008 9:12 AM
> > > Subject: Re: [Isms] pre-08 for TSM document
> > >
> > >
> > > > On Tue, Jun 24, 2008 at 09:58:24AM +0200, tom.petch wrote:
> > > >
> > > > > Focussing on this I-D, you say that the TM will not alter
the
> > LCD
> > > > > table, but I think that it will struggle to read it, 
> at least on
> > > > > inbound messages, as it cannot be sure what the
> > > securityName is and
> > > > > so cannot index into the table.  It could walk the table
> > > looking for
> > > > > a matching snmpTsmLCDName ... well perhaps not.
> > > >
> > > > I fail to see why a TM needs to read the table. The TM just
> > > passes the
> > > > name provided by the transport via the tmStateReferences
> > > and TSM then
> > > > does any mappings as needed.
> > > >
> > >
> > > <snip>
> > >
> > >
> >
> 
> 

_______________________________________________
Isms mailing list
Isms at ietf.org
https://www.ietf.org/mailman/listinfo/isms

Follow-Ups:
- Re: [Isms] tm table was Re: pre-08 for TSM document
  - From: tom.petch

References:
- [Isms] pre-08 for TSM document
  - From: David Harrington
- Re: [Isms] pre-08 for TSM document
  - From: David Harrington
- Re: [Isms] pre-08 for TSM document
  - From: tom.petch
- Re: [Isms] pre-08 for TSM document
  - From: Juergen Schoenwaelder
- [Isms] tm table was Re: pre-08 for TSM document
  - From: tom.petch
- Re: [Isms] tm table was Re: pre-08 for TSM document
  - From: David Harrington
- Re: [Isms] tm table was Re: pre-08 for TSM document
  - From: tom.petch

Prev by Date: Re: [Isms] tm table was Re: pre-08 for TSM document
Next by Date: Re: [Isms] tm table was Re: pre-08 for TSM document
Previous by thread: Re: [Isms] tm table was Re: pre-08 for TSM document
Next by thread: Re: [Isms] tm table was Re: pre-08 for TSM document
Index(es):
- Date
- Thread

Re: [Isms] tm table was Re: pre-08 for TSM document

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.